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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

• If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

• Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)S Responsive to communication(s) filed on 01 August 2002 . 
2a)d This action is FINAL. 2b)^ This action is non-final. 

3) Q Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 
Disposition of Claims 

4) E3 Claim(s) 1-24 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) 0 Claim(s) is/are allowed. 

6) ^ Claim(s) 1-24 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are; a)Q accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 

11) D The proposed drawing correction filed on is: a)D approved b)D disapproved by the Examiner. 

If approved, corrected drawings are required in reply to this Office action. 

12) D The oath or declaration is objected to by the Examiner. 
Priority under 35 U.S.C. §§119 and 120 

13) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 

a)DAII b)D Some*c>n None of: 

1 .□ Certified copies of the priority documents have been received. 

2. Q Certified copies of the priority documents have been received in Application No. . 

3. Q Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 

14) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 119(e) (to a provisional application). 

a) □ The translation of the foreign language provisional application has been received. 

15) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121. 
Attachment! s) 

1 ) S Notice of References Cited (PTO-892) 4) □ Interview Summary (PTO-41 3) Paper No(s). . 
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DETAILED ACTION 

1 . This Action is in response to the latest papers received on 01 August 2002. 

Drawings 

2. The drawings have been approved by the draftsperson (see PTO-948). 

Claim Objections 

3. Claim 3 is objected to because of the following informalities: in line 12, the limitation 
"the rules" is suggested be changed to --policy rules-. Claim 18, recites the limitation "the 
device". It is suggested that it be changed to read —network device—. 

Appropriate correction is required. 

Claim Rejections - 35 USC § 112 

4. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

5. Claims 2-24 are rejected under 35 U.S.C. 112, second paragraph, as being indefinite for 
failing to particularly point out and distinctly claim the subject matter which applicant regards as 
the invention. 

Claims 2-8, 15-17, 23 and 24, the recitations "conditions", is unclear and ambiguous as to 
the specifics of the conditions applicant is claiming. It is not clear as to the metes and bounds of 
the claim language regarding the different conditions being claimed. 

Claim 3 recites the limitation "excluding conditions that would otherwise be implied by 
the rules" is unclear and vague. It is not clear as to the metes and bounds of the claim language. 

Claims 6-8 recites the limitation "the network" in line 4 of page 16. There is insufficient 
antecedent basis for this limitation in the claim. 
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Claims 7, 8 and 22-24, the recitation "another component" are unclear and ambiguous. It 
is not clear as to what another component represents. 

Claim 9-13, recites the limitation "the filters" and "the translated policies" in lines 9, 1 1 
and 12 of page 17. There is insufficient antecedent basis for this limitation in the claim. 

Claims 14-17, recites the limitation "the simplified rules" in lines 6 and 7 of page 18. 
There is insufficient antecedent basis for this limitation in the claim. 

Claims 18-21, recites the limitation "receive the policy rules" in line 4. There is 
insufficient antecedent basis for this limitation in the claim. 

Claims 18-21, recites the limitation "simplified rules" is unclear and ambiguous, It is not 
clear as to what a simplified rule represents. 

Claim Rejections - 35 USC § 102 
6. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 35 1(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

1. Claims 1, 2, 9, 14, 15 and 18-23 are rejected under 35 U.S.C. 102(e) as being anticipated 
by Gai et al. (Gai), U.S. Patent No. 6,167,445. 

8. Regarding claim 1, Gai discloses a method, comprising: based on policy rules [see Gai, 
abstract, Col. 5, lines 63-67 and Col. 6, lines 1-26], creating an access control list adapted to 
configure a network device [see Gai, Col. 13, lines 60-67 and Col. 14, lines 1-22]; and using the 
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access control list to generate access filters (Gai teaches that the access control lists object that 
contains a list of criteria statements (filters) to be applied to the packets), [see Gai, Col. 3, lines 
60-65 and Col. 15, lines 5-55]. By this rationale claim 1 is rejected. 

9. Regarding claim 2, Gai disclose further comprising expanding the policy rules into value 
groups that represent conditions associated with the policy rules [see Gai, Col. 15, lines 5-54, 
Col. 16, lines 1-43 and Col. 17, lines 23-47], (The Examiner is utilizing Applicant's specification 
as a guide for interpreting the claims. See page 6 and Figure 3 of Applicant's specification). By 
this rationale claim 2 is rejected. 

10. Regarding claim 9, Gai further discloses a computer network [see rejection of claim 1, 
supra], comprising: a first device adapted to disseminate policy rules in the network [see Gai, 
Col. 14, lines 57-67 and Col. 15, lines 1-4]; and a second device adapted to receive the policy 
rules disseminated on the network by the first device (Gai teaches that intermediate devices 
receives rules from the policy rule generating engine), [see Gai, Col. 14, lines 63-67] and 
adapted to: based on policy rules, create an access control list adapted to configure the at least 
one device from the filters [see Gai, Col. 14, lines 63-67, Col. 15, lines 1-16, Col. 16, lines 44-67 
and Col. 17, lines 1-2]; and to use the access control list to generate access filters from the 
translated policies [see rejection of claim 1, supra]. By this rationale claim 9 is rejected. 

1 1 . Regarding claim 14, Gai discloses an article comprising a computer-readable medium 
which stores computer executable instructions for managing policy rules on a network, the 
instructions causing a computer to: based on policy rules, create an access control list adapted 
to configure the devices from the simplified rules [see Gai, Col. 13, lines 60-67 and Col. 14, lines 
1-22]; and use the access control list to generate access filters (Gai teaches access control lists 
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object contains a list of criteria statements to be applied to packets), [see Gai, Col. 15, lines 20- 
35]. By this rationale claim 14 is rejected. 

12. Regarding claim 15, Gai discloses further comprising instructions to expand the policy 
rules into value groups, wherein value groups represent conditions associated with the policy 
rules [see rejection of claim 2, supra]. By this rationale claim 15 is rejected. 

13. Regarding claim 18, Gai discloses a network device, comprising: a configurable 
management process located on the device having instructions to: receive the policy rules in a 
network device; translate the policy rules to a set of simplified rules [see Gai, Col. 13, lines 60- 
67 and Col. 14, lines 1-22]; create an access control list adapted to configure the devices from 
the simplified rules [see Gai, Col. 14, lines 56-67 and Col. 15, lines 1-16]; and use the access 
control list to generate access filters (Gai teaches access control lists object contains a list of 
criteria statements to be applied to packets), [see Gai, Col. 15, lines 20-35]. By this rationale 
claim 18 is rejected. 

14. Regarding claim 19, Gai discloses further comprising a connection to an external 
network (Gai teaches the Internet as the external network), [see Gai, Col. 1, lines 12-40]. By this 
rationale claim 19 is rejected. 

15. Regarding claim 20, Gai further discloses wherein the external network is a local area 
network [see Gai, Col. 1, lines 12-40]. By this rationale claim 20 is rejected. 

16. Regarding claim 21, Gai further discloses wherein the external network is the Internet 
[see Gai, Col. 1, lines 12-40]. By this rationale claim 21 is rejected. 

17. Regarding claim 22, Gai discloses a method of managing access by a device on a 
network to another component on the network, comprising: providing policy rules that determine 
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the access of the device to the component [see Gai, Col. 14, lines 57-67 and Col. 15, lines 1-35]. 
By this rationale claim 22 is rejected. 

18. Regarding claim 23, Gai discloses wherein the policy rules comprise: an access control 
list including the conditions that allow the device to access the component [see Gai, Col. 15, 
lines 5-35]; and filters for implementing the access [see Gai, Col. 15, lines 5-67 and Col. 16, 
lines 1-52]. By this rationale claim 23 is rejected. 



Claim Rejections - 35 USC § 103 

19. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made, 

20. Claims 3-8, 10-13, 16, 17 and 24 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Gai in view of Flint et al. (Flint), U.S. Patent No. 6,453,419. 

21 . Regarding claim 3, Gai discloses the invention substantially as claimed. Eventhough, 
Gai does imply certain conditions that are excluded. However, Gai does not explicitly disclose 
further comprising excluding conditions that would otherwise be implied by the rules. 

22. In the same field of endeavor, Flint discloses (e.g., system and method for implementing 
a security policy). Flint discloses further comprising excluding conditions that would otherwise 
be implied by the rules [see Flint, Col. 8, lines 58-64]. 
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23. Accordingly, it would have been obvious to one of ordinary skill in the networking art at 
the time the invention was made to have incorporated Flint's teachings of a system and method 
for implementing a security policy with the teachings of Gai, for the purpose of providing a 
method of presenting and managing access control rules which can easily respond to changes in 
the number of networks and users [see Flint, Col. 2, lines 1-3]. By this rationale claim 3 is 
rejected. 

24. Regarding claim 4, Gai-Flint discloses further comprising resolving inconsistent 
conditions that result from expanding the policy rules and excluding the policy rule conditions 
[see Gai, Col. 15, lines 14-34]. By this rationale claim 4 is rejected. 

25. Regarding claim 5, Gai-Flint discloses further comprising creating at least one array of 
included or excluded conditions from the policy rules [see Olden, Col. 18, lines 35-67 and Col. 
1-42]. By this rationale claim 5 is rejected. 

26. Regarding claim 6, Gai-Flint further discloses wherein generating the access filters 
further comprises: adding filters adapted to control access of a device to another component in 
the network [see rejection of claim 1, supra]. By this rationale claim 6 is rejected. 

27. Regarding claim 7, Gai-Flint discloses further comprising generating deny filters by 
combining the at least one array of excluded conditions and the at least one array of included 
conditions [see rejection of claim 5 and 6, supra]. By this rationale claim 7 is rejected. 

28. Regarding claim 8, Gai-Flint discloses further comprising generating permit filters by 
combining the at least one of the arrays of the included conditions with the remaining arrays of 
included conditions [see Flint, Col. 8, lines 43-67]. By this rationale claim 8 is rejected. 
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29. Regarding claim 10, Gai-Flint further discloses wherein the second device further 
comprises a permit filter [see Flint, Col 4, lines 12-66]. By this rationale claim 10 is rejected, 

30. Regarding claim 11, Gai-Flint discloses further comprising a plurality of data-storage 
devices [see Gai, Col. 9, lines 58-62] adapted to permit access to the second device [see Flint, 
Col. 4, lines 12-66]. By this rationale claim 11 is rejected. 

3 1 . Regarding claim 12, Gai-Flint further discloses wherein the second device further 
comprises a deny filter [see Flint, Col. 4, lines 12-66]. By this rationale claim 12 is rejected. 

32. Regarding claim 13, Gai-Flint discloses further comprising a plurality of data-storage 
devices adapted to deny access to the second device [see Flint, Col. 4, lines 12-66]. By this 
rationale claim 13 is rejected. 

33. Regarding claim 16, Gai-Flint discloses wherein the instructions to translate the policy 
rules further includes instructions to exclude conditions that would otherwise be implied by the 
policy rules [see rejection of claim 3, supra]. By this rationale claim 16 is rejected. 

34. Regarding claim 17, Gai-Flint discloses wherein the instructions to translate the policy 
rules further includes instructions to resolve inconsistent conditions that result from expanding 
the policy rules and excluding the policy rule conditions [see Flint, Col. 10, lines 20-67]. By this 
rationale claim 17 is rejected. 

35. Regarding claim 24, Gai-Flint further discloses wherein the access control list comprises 
include and exclude arrays that are combined to generate the filters [see Flint, Col. 8, lines 20- 
67, Col. 9, lines 1-67]. By this rationale claim 24 is rejected. 
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Claim Rejections - 35 USC §102 

36. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

37. Claims 1-24 are rejected under 35 U.S.C. 102(e) as being anticipated by Olden, U.S. 
Patent No. 6,460,141. 

38. Regarding independent claims 1, 9, 14, 18, and 22 (e.g., exemplary independent claim 
22), Olden discloses a method of managing access by a device on a network to another 
component on the network, comprising: providing policy rules that determine the access of the 
device to the component [see Olden, Col. 8, lines 12-34]. By this rationale independent claim 22 
is rejected. 

39. Regarding claim 23, Olden discloses wherein the policy rules comprise: an access 
control list including the conditions that allow the device to access the component [see Olden, 
Col. 7, lines 5-67, and Col. 8, lines 1-35, Col. 19, lines 1 1-28]; and filters for implementing the 
access [see Olden, Col. 17, lines 65-67 and Col. 18, lines 1-67]. By this rationale claim 23 is 
rejected. 

40. Regarding claim 24, Olden discloses wherein the access control lists comprises include 
and exclude arrays that are combined to generate filters [see Olden, Col. 8, lines 15-35]. By this 
rationale claim 24 is rejected. 
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Claim Rejections - 35 USC § 102 

41 . The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

42. Claims 1-24 are rejected under 35 U.S.C. 102(b) as being anticipated by Birnbaum, U.S. 
Patent No. 5,797,128. 

43. Regarding independent claims 1, 9, 14, 18, and 22 (e.g., exemplary independent claim 

22), Birnbaum discloses a method of managing access by a device on a network to another 
component on the network, comprising: providing policy rules that determine the access of the 
device to the component [see Birnbaum, Col. 4, lines 46-60, Col. 6, lines 60-65]. By this 
rationale independent claim 22 is rejected. 

44. Regarding dependent claims 2-8, 10-13, 15-17, 19-21, 23 and 24, the limitations of 
these claims are taught within the figures and disclosure of Birnbaum. 



Claim Rejections - 35 USC § 102 

45. Claims 1-24 are rejected under 35 U.S.C. 102(b) as being anticipated by Schneider et al. 
(Schneider), U.S. Patent No. 6,408,336. 

46. Regarding independent claims 1, 9, 14, 18, and 22 (e.g., exemplary independent claim 
22), Schneider discloses a method of managing access by a device on a network to another 
component on the network, comprising: providing policy rules that determine the access of the 
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device to the component [see Schneider, Figures 3, 4, 8, Col 6, lines 3-35]. By this rationale 
independent claim 22 is rejected. 

47. Regarding dependent claims 2-8, 10-13, 15-17, 19-21, 23 and 24, the limitations of 
these claims are taught within the figures and disclosure of Schneider. 

Conclusion 

48. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

a. Angal et al. (Angal), U.S. Patent No. 5,999,978 discloses policy rules, conditions, 
access control lists and filters [see Angal, abstract, Figure 3-9, Col. 2, lines 49-67, Col. 3, 
lines 1-21]. 

b. Ahlstrom et al. (Ahlstrom), U.S. Patent No. 6,327,618 discloses policy rules, 
conditions, access control lists and filters [see Ahlstrom, abstract, Col. 3, lines 40-67 and 
Col. 4, lines 1-59]. 

c. Fitler, Jr. et al. (Fitler), U.S. Patent No. 6,366,913 discloses policy rules, 
conditions, access control lists and filters [see Fitler, Col. 4, lines 64-67 and Col. 5, lines 
1-67]. 

d. Morciconi et al. (Morciconi), U.S. Patent No. 6, 158,010 discloses policy rules, 
conditions, access control lists, and filters [see Moriconi, Col. 3, lines 50-67, Col. 4, lines 
1-48, Col. 5, lines 47-67, Col. 6, lines 1-32, Col. 8, lines 15-67]. 
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Conclusion 

49. It is the Examiner's position that Applicant has not submitted claims drawn to limitations, 
which define the operation and apparatus of Applicant's disclosed invention in manner, which 
distinguishes over the prior art. As it is Applicant's right to continue to claim as broadly as 
possible their invention. It is also the Examiner's right to continue to interpret the claim 
language as broadly as possible. It is the Examiner's position that the detailed functionality that 
allows for Applicant's invention to overcome the prior art used in the rejection, fails to 
differentiate in detail how these features are unique. As it is extremely well known in the 
networking art as already shown by the numerous cited prior arts of records, to have policy rules, 
creation of access control lists, conditions, access filters as well as other claimed features of 
Applicant's invention. Thus, it is clear that Applicant must submit amendments to the claims in 
order to distinguish over the prior art use in the rejection that discloses different features of 
Applicant's claim invention. 

50. Applicant employs broad language, which includes the use of word, and phrases, which 
have broad meanings in the art (conditions, exclude, include). As the claims breadth allows 
multiple interpretations and meanings, which are broader than Applicant's disclosure, the 
Examiner is forced to interpret the claim limitations as broadly and as reasonably possible, in 
determining patentability of the disclosed invention. Although the claims are interpreted in light 
of the specification, limitations from the specification are not read into the claims. See In re Van 
Geuns, 988 F.2d 1 181, 26 USPQ2d 1057 (Fed. Cir.1993). 

5 1 . Failure for Applicant to significantly narrow definition/scope of the claims and supply 
arguments commensurate in scope with the claims implies the Applicant intends broad 
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interpretation be given to the claims. The Examiner has interpreted the claims with scope 
parallel to the Applicant in the response, and reiterates the need for the Applicant to more clearly 
and distinctly, define the claimed invention. 

52. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to William C. Vaughn, Jr. whose telephone number is (703) 306- 
9129. The examiner can normally be reached on 8:00-5:00, 1st Friday Off. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, David A Wiley can be reached on (703) 308-5221. The fax phone number for the 
organization where this application or proceeding is assigned is (703) 872-9306. 

Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is (703) 305-9700. 




William C. Vaughn, J 
Patent Examiner 
Art Unit 2143 
22 October 2003 



